REPORTING BUG
Eion Robb
eion at robbmob.com
Wed Jun 24 21:26:31 EDT 2015
Standard POST traffic over HTTPS. Nothing to see here.
On 25 June 2015 at 13:19, Ethan Blanton <elb at pidgin.im> wrote:
> Deep-Hack spake unto us the following wisdom:
> > This is Deepali Malekar, Security Researcher. I have found a bug on your
> > site that I would like to share with you. This bug is related to credentials
> > being in clear text, and it may be harmful for your users' credentials.
> >
> > Vulnerability: Clear Text Credential
> > Vulnerable Link:
> > https://pidgin.im/cgi-bin/mailman/private/cabal/attachments/20070320/0e2f8078/
> > Parameter: username and password
>
> 1) Nobody does this with accounts with any privilege.
> 2) Mailing lists routinely MAIL PEOPLE THEIR PASSWORDS.
> 3) This is standard mailman, I hope you're not trolling through
> everyone on the Internet who uses mailman.
>
> > Generally all big companies provide rewards for security researchers, so I am
> > also hoping for the same from your end in good faith.
>
> We're not a company, we don't have any money, and this isn't a
> vulnerability that a sophisticated security researcher would report.
> I appreciate that you're trying to learn about network security, but
> you need to learn about the specific tools you're testing as well as
> the possible ways they can be insecure. (E.g., in this case, what
> mailman is and how it's generally used.)
>
> Good luck with your studies,
> Ethan